Fix user could go to MFA page directly

Son NK 2020-01-03 23:42:35 +01:00
parent 35aa8f1438
commit 4208ba379f
1 changed files with 10 additions and 3 deletions


@ -17,11 +17,18 @@ class OtpTokenForm(FlaskForm):
@auth_bp.route("/mfa", methods=["GET", "POST"])
def mfa():
# passed from login page
user_id = session[MFA_USER_ID]
user_id = session.get(MFA_USER_ID)
# user access this page directly without passing by login page
if not user_id:
flash("Unknown error, redirect back to main page", "warning")
return redirect(url_for("dashboard.index"))
user = User.get(user_id)
if not user.enable_otp:
raise Exception("Only user with MFA enabled should go to this page. %s", user)
if not (user and user.enable_otp):
flash("Only user with MFA enabled should go to this page", "warning")
return redirect(url_for("dashboard.index"))
otp_token_form = OtpTokenForm()
next_url = request.args.get("next")
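Review bot: The second guard (`if not (user and user.enable_otp):`) redirects but leaves `MFA_USER_ID` in the session, so an id that no longer maps to an MFA-enabled user stays there and every later visit to `/mfa` takes the same path. Clearing it before the redirect with `session.pop(MFA_USER_ID, None)` would drop the half-finished login state. The removed code raised an exception, which presumably showed up in error reporting, whereas both new branches only flash a message. A warning-level log line in each branch (including `user_id` in the second), written with whatever logger this module already uses, would keep direct hits on the MFA step visible to anyone monitoring auth events. The body of `mfa()` continues past the end of the hunk, so how the pending id is cleared after a successful token check is not visible here.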